REMARKS

Claims 1, 12 and 13 are amended to correct formality errors and to 
more clearly define the invention. No new issues are raised in these amendments. 

Support for the amendments is found in the existing claims and in the 
Application description in connection with Figure 2 on pages 10-13 and other places. 

I. Objection to claims 1 and 13.

Claims 1 and 13 are objected to as having a surplus comma in the phrase
"incorporating, said encrypted address portion". 

Claims 1 and 13 are amended to delete the surplus comma in
accordance with the Examiner's suggestion. Consequently this ground of objection is 
no longer deemed to apply and its withdrawal is respectfully requested. 

II. Rejection of claim 12 under 35 USC 112

Claim 12 is rejected under 35 USC 112 second paragraph as being 
indefinite for failing to particularly point out and distinctly claim the subject matter. 
Specifically, claim 12 is rejected for reciting "said link processor encrypts said 
address portion of said URL using an RSA (Rivest Shamir Adleman) MD5
compatible algorithm" and the RSA MD5 function is a hashing function not an 
encryption function. 

Claim 12 is amended to recite the "said link processor encodes said 
address portion of said URL using an RSA (Rivest Shamir Adleman) MD5 
compatible hashing function". Therefore, claim 12 unambiguously recites the RSA 
MD5 function is used to perform hashing. Consequently this ground of rejection is no 
longer deemed to apply and its withdrawal is respectfully requested. 

III. Rejection under 35 U.S.C. 102(b)

Claims 1-13, 5, 7-13 and 15-22 are rejected under 35 U.S.C. 102(b) as 
being anticipated by U.S. Patent 5,708,780 - Levergood et al. These claims, as 
amended, are deemed to be patentable for the reasons given below. 

Amended claim 1 recites a system "employed by an application for
encoding URL link data for use in detecting unauthorized URL modification" 
comprising "a link processor for processing URL data by identifying an address 
portion of said URL, encrypting said address portion of said URL, incorporating said 
encrypted address portion of said URL, together with said address portion of said 
URL in non-encrypted form, into a single processed URL data string and providing a 
key supporting decryption of said encrypted address portion to a destination system; 
and a communication processor for incorporating said processed URL data string into 
formatted data for communication to said destination system". These features are not 
shown (or suggested) in Levergood. 

The system of claim 1 involves "encrypting said address portion of 
said URL, incorporating, said encrypted address portion of said URL, together with 
said address portion of said URL in non-encrypted form, into a single processed URL 
data string", as well as "providing a key supporting decryption of said encrypted
address portion, to a destination system", for use in decrypting the "encrypted address
portion" by the "destination system". These features address the security deficiencies
of URL processing functions of electronic systems. "Applications are vulnerable to 
the corruption of URL data and the context information conveyed within the URL 
data. The URL data conveyed from application 200 to application 230 includes 
context information comprising a session identifier and optionally a user or patient 
identifier. This URL data is potentially vulnerable to corruption to cause URL replay 
or redirection of an application to a substitute address or to gain access to application 
functions and parameters for unauthorized purposes. In order to protect against such 
corruption and to ensure that the entity being accessed is the one originally targeted, 
portions of the URL data conveyed between applications are advantageously 
encrypted" (Application page 11 lines 1-9).

The claimed system addresses the security problem by ensuring "that a 
URL link (e.g. a URL link to child application 230) embedded in a web page provided 
for display using browser 10 is not redirected. For this purpose, application 200 
generates a hash value from the domain, path, program, and program data portion of
the URL. Application 200 (as the sending application) generates a hash value from 
the fully qualified URL link" (Application page 9 lines 32-37). "Application 230 
decrypts the received hash value for comparison with a corresponding hash value 
independently generated from corresponding URL data retrieved from a web server". 
"Specifically, the independently generated hash value and the hash value received by
application 230 from application 200 via browser 10 are compared and if they are not 
equal, the request to initiate application 230 is rejected" (Application page 10 lines 
25-37). 

Levergood does not show or suggest "encrypting said address 
portion of said URL, incorporating, said encrypted address portion of said URL,
together with said address portion of said URL in non-encrypted form, into a single
processed URL data string" for decryption by a "destination system" using the
provided "key supporting decryption of said encrypted address portion". Levergood
does not show or suggest "providing a key supporting decryption of said encrypted
address portion, to a destination system", for use in decrypting the "encrypted address
portion" by the "destination system". In an exemplary embodiment of the invention
illustrated in the Application specification pages 11-13, application 200 
advantageously, for example, encrypts "a URL link address portion" comprising a 
hash value identified by field identifier GSH= derived by "hashing on the 
addressable portion of a fully qualified URL" comprising the "URL data either lying 
between the "http://" and the question mark "?" or from the data lying between the
"http://" and the pound/number sign "#" - whichever comes first" (Application page 
10 lines 1-2 and page 11 line 25-27). Consequently, in the exemplary URL string 
shown processed in the specification page 12 

www.smed.com/altoona/prtf/re^^ 
&Pid=1772693&Frgclr=blue

the compressed address portion is 24017 which is concatenated with a patient 
identifier (Application page 12 lines 17-21) as shown:

GSH=24017&Pid=1772693

and is encrypted into the string

16sfdjwhejeyw7rh3hekw

to produce the processed URL including the encrypted URL address portion:

www.smed.com/altoona/prd/results.exe/1?GSH=16253384937:16sfdjwhejeyw7rh3hekw&Frgclr=blue.

This is an exemplary "processed URL". The Rejection makes a fundamental error
on page 3 in interpreting the Levergood reference. Contrary to the Rejection 
statements on page 3, Levergood in column 5 lines 61-65 and column 3 lines 34-37 
relied on in the Rejection merely discloses encryption of a session identifier (SID) and 
an IP address. Specifically, Levergood states "the digital signature is a cryptographic 
hash of the remaining items in the SID and the authorized IP address which are 
encrypted with a secret key which is shared by the authentication and content 
servers" (Levergood column 5 lines 61-65, also see column 3 lines 33-37).
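
The encode-and-validate flow this response attributes to the Application (address portion taken up to the first "?" or "#", lower-cased, and carried in a GSH= field as session identifier:token beside the plain URL), as an added example that is not code from the Application or from Levergood. It swaps the described MD5-hash-then-encrypt step for one HMAC-SHA256 under a shared key, and also binds the session identifier into the token; the key, host name and function names are assumptions.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl

FIELD = "GSH"  # field identifier used in the page's exemplary URL


def address_portion(url: str) -> str:
    """Data after the scheme up to the first '?' or '#', lower-cased."""
    rest = url.split("://", 1)[-1]
    cut = min((i for i in (rest.find("?"), rest.find("#")) if i != -1),
              default=len(rest))
    return rest[:cut].lower()


def _tag(address: str, session_id: str, key: bytes) -> str:
    # Keyed MAC standing in for "hash, then encrypt with a shared key".
    msg = f"{session_id}\n{address}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def encode_link(url: str, session_id: str, key: bytes) -> str:
    """Sender side: add GSH=<session>:<token>, keeping the plain address."""
    base, hash_sep, fragment = url.partition("#")
    head, _, query = base.partition("?")
    field = f"{FIELD}={session_id}:{_tag(address_portion(url), session_id, key)}"
    new_query = field + ("&" + query if query else "")
    return f"{head}?{new_query}{hash_sep}{fragment}"


def validate_link(processed_url: str, key: bytes) -> bool:
    """Destination side: recompute the token from the received plain address
    and compare it with the token carried in the GSH field."""
    base, _, _ = processed_url.partition("#")
    _, _, query = base.partition("?")
    values = [v for k, v in parse_qsl(query, keep_blank_values=True)
              if k == FIELD]
    if len(values) != 1:          # missing or duplicated field: reject
        return False
    session_id, sep, received = values[0].rpartition(":")
    if not sep:
        return False
    expected = _tag(address_portion(processed_url), session_id, key)
    return hmac.compare_digest(expected.encode(), received.encode())


if __name__ == "__main__":
    # Constructed sample values, not taken from the Application.
    demo_key = b"constructed-demo-key"
    link = encode_link(
        "http://Apps.example.test/Prd/Results.exe/1?Color=blue#top",
        "s123", demo_key)
    print(link)
    print("intact:    ", validate_link(link, demo_key))
    redirected = link.replace("Apps.example.test", "other.example.test")
    print("redirected:", validate_link(redirected, demo_key))
```

Because the address portion is lower-cased before the token is computed, a change that alters only letter case still validates, which matters when the destination server treats paths as case sensitive.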

Further, although in Levergood a valid session identifier "typically 
comprises" an "accessible domain" in the "SID encrypted with a secret key", the 
Levergood accessible domain is NOT a URL or an address portion of a URL 
(Levergood column 3 lines 33-37). Levergood explicitly defines an accessible 
"domain" as a collection of files and NOT a URL or address portion of a URL ("A
protection domain is defined by the service provider and is a collection of controlled
files of common protection within one or more servers" - Levergood column 3 lines
52-55). This is further made clear in column 5 lines 54-61 stating a "preferred SID is
a sixteen character ASCII string that encodes 96 bits of SID data" that contains "an
8-bit domain comprising a set of information files to which the current SID authorizes
access". Such an "accessible domain" as used by Levergood is not in a URL link
address portion. This is further corroborated in Levergood in column 6 lines 29-34
indicating that a domain is in the non-address, URL data field portion of a URL (e.g.
after the question mark), specifically, a "REDIRECT URL might be:
"http://auth.com/authenticate?domain=[domain]&URL=http://content.com/report"".

Levergood does not show or suggest "encrypting said address 
portion of said URL". Neither a session identifier nor an IP address as used in
Levergood are a "URL or a URL address portion". Indeed a URL and IP address are 
distinct and different objects with totally different functions ("the content server 
records the URL and the IP address" - Levergood column 5 lines 37-38). An IP 
address describes an electronic address of an Internet entity whereas a URL "consists 
of three parts: the transfer format, the host name of the machine that holds the file, 
and the path to the file" (Levergood column 2 lines 28-31). A session identifier 
identifies a user session of computer operation for example and is itself a distinct 
entity that may be conveyed within a field of a URL (Application page 11 line 22).

Levergood also does not show or suggest the claim 1 feature
combination involving "incorporating, said encrypted address portion of said URL,
together with said address portion of said URL in non-encrypted form, into a single
processed URL data string" for decryption by a "destination system" using the
provided "key supporting decryption of said encrypted address portion". Contrary to
the Rejection statement on page 4 and as explained previously, the SID of Levergood
does NOT contain an "encrypted address portion" of a URL. Further, the purpose of
the Levergood encryption is to ensure validity of session identifiers (SIDs) by using
an "Internet server" to subject "the client to an authorization routine prior to issuing
the SID" (Levergood column 3 lines 24-26). In contrast, the Application addresses the
problem of preventing "URL replay or redirection" through its recognition that URLs
are "vulnerable to corruption" (Application page 11 lines 1-9). Consequently there is
no reason, problem recognition or motivation for amending the Levergood system to
include the claimed arrangement. Consequently, withdrawal of the rejection of claim
1 under 35 USC 102(b) is respectfully requested.

Dependent claim 2 is considered to be patentable based on its 
dependence on claim 1. Claim 2 is also considered to be patentable because 
Levergood does not show (or suggest) a "link processor" that "adaptively identifies 
said address portion as URL data either, (a) lying between "http://" and a question 
mark or (b) lying between "http://" and a pound/number sign "#", in response to
whichever of condition (a) and (b) is satisfied first". Contrary to the Rejection 
statement on page 4 and as explained in connection with claim 1, Levergood in 
column 3 line 56 to column 4 line 18 does not provide any description of adaptively 
identifying an "address portion" of a URL based on "whichever" of a "condition (a) 
and (b) is satisfied first". Specifically, adaptively identifying an "address portion" as 
URL data either, (a) lying between "http://" and a question mark "?" or (b) lying 
between "http://" and a pound/number sign "#", in response to whichever of condition
(a) and (b) is satisfied first. Levergood also shows no recognition of the problem this
feature addresses. 

Dependent claim 3 is considered to be patentable based on its 
dependence on claim 1. Claim 3 is also considered to be patentable because 
Levergood does not show (or suggest) "adaptively" identifying the "address portion 
based on the application associated with said URL". Contrary to the Rejection 
statement on page 4, Levergood in column 3 line 56 to column 4 line 18 does not 
provide any 35 USC 112 compliant enabling description of such a feature. 

Dependent claim 5 is considered to be patentable based on its
dependence on claim 1 and for reasons given in connection with claim 1.

Dependent claim 7 is considered to be patentable based on its 
dependence on claim 1 and for reasons given in connection with claim 1. 

Dependent claim 8 is considered to be patentable based on its 
dependence on claim 1.

Dependent claim 9 is considered to be patentable based on its 
dependence on claims 1 and 8 for reasons given in connection with these claims. 
Claim 9 is also considered to be patentable because Levergood does not show (or 
suggest) a "link processor" that "incorporates said session identifier into said
processed URL data string by formatting said session identifier into a data field
including said session identifier and encrypted address separated by a colon (that is,
session identifier:encrypted address)". Levergood does NOT show or suggest such
features in column 3 lines 12-16 or elsewhere. 

Dependent claim 10 is considered to be patentable based on its 
dependence on claim 1. Claim 10 is also considered to be patentable because
Levergood does not show (or suggest) a "link processor" that "concatenates said
address portion of said URL together with data associated with a personal record to
form a data element, and encrypts said data element for incorporation into said single
processed URL data string". The Levergood system in column 3 lines 34-37 or
elsewhere does not show selection of a URL address portion at all and does not show
or suggest a "link processor" that "concatenates said address portion of said URL
together with data associated with a personal record to form a data element".
Levergood also does not show or suggest encryption of "said data element for
incorporation into said single processed URL data string".

Dependent claim 11 is considered to be patentable based on its 
dependence on claims 1 and 10.

Dependent claim 12 is considered to be patentable based on its 
dependence on claim 1. 

Amended independent claim 13 recites a "system employed by an
application for encoding URL link data for use in detecting unauthorized URL
modification" comprising "a link processor for processing URL data by identifying an 
address portion of said URL, encrypting said address portion of said URL, 
incorporating said encrypted address portion of said URL, together with said address 
portion of said URL in non-encrypted form and a session identifier identifying a user 
session of computer operation, into a single processed URL data string; and a 
communication processor for incorporating said processed URL data string into 
formatted data for communication to a request device". 

Amended claim 13 is considered to be patentable for the reasons given 
in connection with claims 1 and 8. Claim 13 is also considered to be patentable 
because Levergood in column 3 lines 12-16, 34-37 column 5 lines 52-65, column 4 
and column 7 or elsewhere does not show (or suggest) a feature combination 
including "a link processor for processing URL data" by "encrypting said address 
portion of said URL, incorporating, said encrypted address portion of said URL,
together with said address portion of said URL in non-encrypted form and a 
session identifier identifying a user session of computer operation, into a single 
processed URL data string". Levergood does not show (or suggest) such features for 
the reasons given in connection with the previous claims. 

Independent claim 15 recites a "system employed by an application for 
decoding URL link data encoded for use in detecting unauthorized URL
modification" comprising "an input processor for receiving an encoded URL; a link 
processor for processing said encoded URL by identifying an encrypted address 
portion of said received encoded URL and a corresponding non-encrypted address 
portion of said received encoded URL, decrypting said encrypted address portion of 
said URL to provide a decrypted URL address portion, a validation processor for 
determining if said decrypted URL address portion has been subject to unauthorized 
modification by determining if said decrypted URL address portion is different to said 
corresponding non-encrypted address portion of said received encoded URL".

Amended claim 15 is considered to be patentable for the reasons given 
in connection with claim 1. Claim 15 is also considered to be patentable because 
Levergood does not show (or suggest) a feature combination that detects 
"unauthorized URL modification" by "decrypting said encrypted address portion of 
said URL to provide a decrypted URL address portion" and "determining if said 
decrypted URL address portion has been subject to unauthorized modification by 
determining if said decrypted URL address portion is different to said corresponding
non-encrypted address portion of said received encoded URL". The Levergood digital
signature comparison relied on in column 6 lines 5-16 is to ensure validity of session
identifiers (SIDs) by using an "Internet server" to subject "the client to an
authorization routine prior to issuing the SID" (Levergood column 3 lines 24-26). In
contrast, the Application addresses the problem of preventing "URL replay or
redirection" through its recognition that URLs are "vulnerable to corruption"
(Application page 11 lines 1-9). Consequently there is no reason, problem recognition
or motivation for amending the Levergood system to include the claimed
arrangement. Consequently, Levergood does not show or suggest "decrypting said
encrypted address portion of said URL to provide a decrypted URL address portion".
Further, Levergood does not show or suggest (and is incapable of) "determining if
said decrypted URL address portion has been subject to unauthorized modification by
determining if said decrypted URL address portion is different to said corresponding
non-encrypted address portion of said received encoded URL".

Dependent claim 16 is considered to be patentable based on its 
dependence on claim 15. Claim 16 is also considered to be patentable because 
Levergood in column 6 lines 5-16 does not show (or suggest) a system in which "said 
decrypted URL address portion is a first hash value, and said validation processor, 
applies a hashing function to said corresponding non-encrypted address portion of 
said received encoded URL to provide a comparison second hash value, and 
compares said comparison second hash value with said first hash value, and upon a 
match determines a successful validation of said received encoded URL" indicating 
no "unauthorized URL modification". Levergood does not suggest such a feature 
combination or contemplate comparing hash values representing URL address 
portions. Levergood does not contemplate or provide a system for determining 
"unauthorized URL modification".

Dependent claim 17 is considered to be patentable based on its 
dependence on claim 15.

Dependent claim 18 is considered to be patentable based on its 
dependence on claim 15 for reasons given in connection with claims 1, 8, 10 and 11.

Dependent claim 19 is considered to be patentable based on its 
dependence on claims 15 and 18 for reasons given in connection with claims 1, 8, 10 
and 11. 

Amended independent claim 20 is a method claim mirroring apparatus
claim 1 and is considered to be patentable for the same reasons. 

Amended independent claim 21 is a method claim mirroring apparatus 
claim 15 and is considered to be patentable for the same reasons. 

Amended dependent claim 22 is considered to be patentable based on 
its dependence on claim 21. Claim 22 is also considered to be patentable because of 
reasons given in connection with claims 15 and 16. Consequently, withdrawal of the 
rejection of claims 1-13, 5, 7-13 and 15-22 under 35 USC 102(b) is respectfully 
requested. 

IV. Rejection under 35 U.S.C. 103(a)

Claims 4, 6 and 14 are rejected under 35 U.S.C. 103(a) as being
unpatentable over U.S. Patent 5,708,780 — Levergood. These claims are deemed to be 
patentable for the reasons given below. 

Dependent claim 4 is considered to be patentable based on its 
dependence on claims 1 and 3. Claim 4 is also considered to be patentable because 
Levergood does not show (or suggest) a "link processor" that "adaptively uses (a) 
an address portion for ASP (Active Server Page) applications comprising a
SERVER_NAME and SCRIPT_NAME and (b) an address portion for a non-ASP
applications comprising a SERVER_NAME, SCRIPT_NAME, and PATH_INFO".
As recognized in the Rejection on page 7, Levergood does not disclose the use of 
Active Server Page applications. However, the Rejection takes Official Notice that 
"use of Active Server Page applications" is well known and would have been 
obvious to use in the claim 4 arrangement (Rejection page 7 lines 7-11). It is 
acceptable for official notice to be taken of a fact of "wide notoriety", In re Howard,
394 F. 2d 869, 157 USPQ 615, 616 (CCPA 1968) e.g. a fact commonly known to
laymen everywhere, 29 AM. Jur 2D Evidence S. 33 (1994) or of a fact that is
capable of "instant and unquestionable demonstration", In re Ahlert 424 F. 2d 1088,
1091, 165 USPQ 418, 420 (CCPA 1970). However, official notice should not be
taken of a fact normally subject to the possibility of rational disagreement among
reasonable men, In re Eynde, 480 F. 2d 1364, 1370; 178 USPQ 470, 474 (CCPA
1973). It is submitted that the elements of which the Rejection takes official notice,
in the context of their respective claims, are neither features of "wide notoriety", (In






PATENT RESPONSE UNDER
37 CFR 1.116 EXPEDITED PROCEDURE
EXAMINING GROUP (2137)
Ser. No. 09/817,320 01P04781US

re Howard), nor capable of "instant and unquestionable demonstration" (In re
Ahlert). On the contrary, these features are subject to the possibility of rational
disagreement given the claim arrangements within which they reside. Consequently,
Applicants take exception to this instance of Official notice used in the Rejection.
Further, the Applicant requests that a showing be made of evidence that these
features were well known, in the context of their respective claims at the time the
invention was made. It is submitted that on the contrary, Levergood fails to
recognize any need for adaptive URL generation responsive to whether an Active
Server Page is involved or not. Levergood does not mention use of Active Server
Pages at all. Consequently, withdrawal of the rejection of claim 4 under 35 USC
103(a) is respectfully requested.

Dependent claim 6 is considered to be patentable based on its 
dependence on claim 1. Claim 6 is also considered to be patentable because 
Levergood does not show (or suggest) a "link processor" that "converts said address
portion of said URL to lower case before compression". Contrary to the Rejection 
statement on page 7, Levergood does not provide any 35 USC 112 compliant enabling 
description of such a feature. Levergood fails to recognize any need for case sensitive 
conversion. Levergood does not mention lower case or upper case at all. 

Dependent claim 14 is considered to be patentable based on its 
dependence on claim 13. Claim 14 is also considered to be patentable because 
Levergood does not show (or suggest) a "link processor" that "compresses said
identified address portion and encrypts said compressed address portion of said URL 
to provide said encrypted address portion and said link processor converts said 
identified address portion to lower case prior to compressing said identified address 
portion using a hash function". However, the Rejection takes Official Notice that 
"URLs are case sensitive", that a "hash function" is sensitive to uppercase and lower
case characters and that as a result "forcing all characters" to lower case in the context
of the claimed arrangement of claim 14 would have been obvious (Rejection page 8 
lines 1-6). It is acceptable for official notice to be taken of a fact of "wide notoriety", 
In re Howard, 394 F. 2d 869, 157 USPQ 615, 616 (CCPA 1968) e.g. a fact commonly 
known to laymen everywhere, 29 AM. Jur 2D Evidence S. 33 (1994) or of a fact that 
is capable of "instant and unquestionable demonstration", In re Ahlert 424 F. 2d 1088,
1091, 165 USPQ 418, 420 (CCPA 1970). However, official notice should not be 
taken of a fact normally subject to the possibility of rational disagreement among 
reasonable men, In re Eynde, 480 F. 2d 1364, 1370; 178 USPQ 470, 474 (CCPA 
1973). It is submitted that the elements of which the Rejection takes official notice, in 
the context of their respective claims, are neither features of "wide notoriety", (In re
Howard), nor capable of "instant and unquestionable demonstration" (In re Ahlert). 
On the contrary, these features are subject to the possibility of rational disagreement 
given the claim arrangements within which they reside. Consequently, Applicants
take exception to this instance of Official notice used in the Rejection. Further, the 
Applicant requests that a showing be made of evidence that these features were well 
known, in the context of their respective claims at the time the invention was made. It 
is submitted that on the contrary, Levergood fails to show or suggest a "link processor"
that "compresses said identified address portion and encrypts said compressed address 
portion of said URL to provide said encrypted address portion and said link processor 
converts said identified address portion to lower case prior to compressing said 
identified address portion using a hash function". Levergood also does not suggest
such a feature combination for reasons given in connection with claims 1 and 6. 
Consequently, withdrawal of the rejection of claim 14 under 35 USC 103(a) is 
respectfully requested. 



In view of the above amendments and remarks, Applicants submit that
the Application is in condition for allowance, and favorable reconsideration is
requested.



Respectfully submitted, 




Date: June 22, 2005 



Alexander J. Burke 



Reg. No. 40,425 